Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-0489 |
Description: The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVSS: LOW (0.0) EPSS Score: 0.06%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-11107 |
Description: The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2024-10708 |
Description: The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2024-9651 |
Description: The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-28168 |
Description: Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.
CVSS: LOW (3.7) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-2812 |
Description: The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-2805 |
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-24375 |
Description: Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14.
CVSS: LOW (3.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-23825 |
Description: Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVSS: LOW (3.1) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-23814 |
Description: Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.
CVSS: LOW (3.8) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|